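After a curated evaluation by AI Skill Hub, Vulnerability Detection LLM (漏洞检测LLM) is rated "Highly Recommended". This agent workflow performs well in feature completeness, community activity and ease of use, has an AI score of 8.0, and suits users with some technical background.
Vulnerability Detection LLM is a complete AI Agent automation workflow solution. Through visual node orchestration, it breaks complex multi-step tasks into clear automated flows for fully unattended, intelligent processing. It supports seamless integration with hundreds of external services and APIs, and is suited to building data-processing pipelines, business automation and AI-assisted decision systems.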
```bash
# Option 1: install with pip (recommended)
pip install awesome-llms-for-vulnerability-detection

# Option 2: install in a virtual environment (recommended for production)
python -m venv .venv
source .venv/bin/activate  # Windows: .venv\Scripts\activate
pip install awesome-llms-for-vulnerability-detection

# Option 3: install from source (to get the latest features)
git clone https://github.com/huhusmang/Awesome-LLMs-for-Vulnerability-Detection
cd Awesome-LLMs-for-Vulnerability-Detection
pip install -e .

# Verify the installation
python -c "import awesome_llms_for_vulnerability_detection; print('安装成功')"

# Command-line usage
awesome-llms-for-vulnerability-detection --help

# Basic usage
awesome-llms-for-vulnerability-detection input_file -o output_file
```
```python
# Calling from Python code
import awesome_llms_for_vulnerability_detection

# Example
result = awesome_llms_for_vulnerability_detection.process("input")
print(result)
```
```yaml
# Example configuration file for awesome-llms-for-vulnerability-detection (config.yml)
app:
  name: "awesome-llms-for-vulnerability-detection"
  debug: false
  log_level: "INFO"
```
```bash
# Specify the configuration file at run time
awesome-llms-for-vulnerability-detection --config config.yml

# Or configure through environment variables
export AWESOME_LLMS_FOR_VULNERABILITY_DETECTION_API_KEY="your-key"
export AWESOME_LLMS_FOR_VULNERABILITY_DETECTION_OUTPUT_DIR="./output"
```
| Title | Venue | Year | Paper | Github |
|---|---|---|---|---|
| VulnGym: A Real-World, Project-Level Vulnerability Benchmark for White-Box Vulnerability-Hunting Agents | | 2026 | [link](https://github.com/Tencent/VulnGym) | |
| VulTriage: Triple-Path Context Augmentation for LLM-Based Vulnerability Detection | | 2026 | [link](https://arxiv.org/abs/2605.09461) | [link](https://github.com/vinsontang1/VulTriage) |
| Synthesizing Multi-Agent Harnesses for Vulnerability Discovery | | 2026 | [link](https://arxiv.org/abs/2604.20801) | [link](https://github.com/berabuddies/agentflow) |
| QRS: A Rule-Synthesizing Neuro-Symbolic Triad for Autonomous Vulnerability Discovery | | 2026 | [link](https://arxiv.org/abs/2602.09774) | |
| SecLens: Benchmarking LLM Vulnerability Detection Through 5 Stakeholder Lenses on 406 Real-World CVEs | | 2026 | [link](https://arxiv.org/abs/2604.01637) | [link](https://github.com/mattersec-labs/seclens) |
| The Semantic Trap: Do Fine-Tuned LLMs Learn Vulnerability Root Cause or Just Functional Pattern? | | 2026 | [link](https://arxiv.org/abs/2601.22655) | |
| Sifting the Noise: A Comparative Study of LLM Agents in Vulnerability False Positive Filtering | | 2026 | [link](https://arxiv.org/abs/2601.22952) | |
| AgenticSCR: An Autonomous Agentic Secure Code Review for Immature Vulnerabilities Detection | | 2026 | [link](https://arxiv.org/abs/2601.19138) | |
| LLM-Based Vulnerability Detection at Project Scale: An Empirical Study | | 2026 | [link](https://arxiv.org/abs/2601.19239) | |
| MulVul: Retrieval-Augmented Multi-Agent Code Vulnerability Detection via Cross-Model Prompt Evolution | | 2026 | [link](https://arxiv.org/abs/2601.18847) | |
| VulnLLM-R: Specialized Reasoning LLM with Agent Scaffold for Vulnerability Detection | | 2025 | [link](https://arxiv.org/abs/2512.07533) | |
| VULPO: Context-Aware Vulnerability Detection via on-Policy LLM Optimization | | 2025 | [link](https://arxiv.org/abs/2511.11896) | |
| Specification-Guided Vulnerability Detection with Large Language Models | | 2025 | [link](https://arxiv.org/abs/2511.04014) | |
| From Large to Mammoth: A Comparative Evaluation of Large Language Models in Vulnerability Detection | NDSS | 2025 | [link](https://www.ndss-symposium.org/ndss-paper/from-large-to-mammoth-a-comparative-evaluation-of-large-language-models-in-vulnerability-detection/) | |
| Benchmarking LLMs and LLM-based Agents in Practical Vulnerability Detection for Code Repositories | ACL | 2025 | [link](https://aclanthology.org/2025.acl-long.1490/) | [link](https://github.com/alperen21/JitVul) |
| A Systematic Literature Review on Detecting Software Vulnerabilities with Large Language Models | | 2025 | [link](https://arxiv.org/abs/2507.22659) | [link](https://github.com/hs-esslingen-it-security/Awesome-LLM4SVD) |
| LLMxCPG: Context-Aware Vulnerability Detection Through Code Property Graph-Guided Large Language Models | Usenix | 2025 | [link](https://arxiv.org/abs/2507.16585) | [link](https://github.com/qcri/llmxcpg) |
| CLeVeR: Multi-modal Contrastive Learning for Vulnerability Code Representation | ACL Findings | 2025 | [link](https://aclanthology.org/2025.findings-acl.414/) | [link](https://github.com/yoimiya-nlp/CLeVeR) |
| Mono: Is Your "Clean" Vulnerability Dataset Really Solvable? Exposing and Trapping Undecidable Patches and Beyond | | 2025 | [link](https://arxiv.org/abs/2506.03651) | [link](https://github.com/vul337/mono) |
| Learning to Focus: Context Extraction for Efficient Code Vulnerability Detection with Language Models | | 2025 | [link](https://arxiv.org/abs/2505.17460) | |
| SV-TrustEval-C: Evaluating Structure and Semantic Reasoning in Large Language Models for Source Code Vulnerability Analysis | SP | 2025 | [link](https://arxiv.org/abs/2505.20630) | [link](https://github.com/Jackline97/SV-TrustEval-C) |
| SecVulEval: Benchmarking LLMs for Real-World C/C++ Vulnerability Detection | | 2025 | [link](https://arxiv.org/abs/2505.19828) | [link](https://github.com/basimbd/secvuleval) |
| CVE-Bench: Benchmarking LLM-based Software Engineering Agent’s Ability to Repair Real-World CVE Vulnerabilities | NAACL | 2025 | [link](https://aclanthology.org/2025.naacl-long.212/) | [link](https://github.com/WhileBug/CVEBench) |
| R2Vul: Learning to Reason about Software Vulnerabilities with Reinforcement Learning and Structured Reasoning Distillation | | 2025 | [link](https://arxiv.org/abs/2504.04699) | [link](https://github.com/martin-wey/R2Vul) |
| Automated static vulnerability detection via a holistic neuro-symbolic approach | | 2025 | [link](https://arxiv.org/abs/2504.16057) | |
| Context-Enhanced Vulnerability Detection Based on Large Language Model | | 2025 | [link](https://arxiv.org/abs/2504.16877) | |
| Everything you wanted to know about LLM-based vulnerability detection but were afraid to ask | | 2025 | [link](https://arxiv.org/abs/2504.13474) | [link](https://anonymous.4open.science/r/CORRECT/README.md) |
| MOS: Towards Effective Smart Contract Vulnerability Detection through Mixture-of-Experts Tuning of Large Language Models | | 2025 | [link](https://arxiv.org/abs/2504.12234) | |
| Abundant modalities offer more nutrients: multi-modal-based function-level vulnerability detection | TOSEM | 2025 | [link](https://dl.acm.org/doi/10.1145/3731557) | [link](https://github.com/vinci-grape/MVulD) |
| Generative Large Language Model usage in Smart Contract Vulnerability Detection | | 2025 | [link](https://arxiv.org/abs/2504.04685) | |
| Closing the Gap: A User Study on the Real-world Usefulness of AI-powered Vulnerability Detection & Repair in the IDE | ICSE | 2025 | [link](https://www.arxiv.org/abs/2412.14306) | [link](https://doi.org/10.6084/m9.figshare.26367139) |
| Vulnerability Detection with Code Language Models: How Far Are We? | ICSE | 2025 | [link](https://arxiv.org/abs/2403.18624) | [link](https://github.com/DLVulDet/PrimeVul) |
| Combining Fine-Tuning and LLM-based Agents for Intuitive Smart Contract Auditing with Justifications | ICSE | 2025 | [link](https://arxiv.org/abs/2403.16073) | |
| LAMD: Context-driven Android Malware Detection and Classification with LLMs | | 2025 | [link](http://arxiv.org/abs/2502.13055) | |
| LLMs in Software Security: A Survey of Vulnerability Detection Techniques and Insights | | 2025 | [link](https://arxiv.org/abs/2502.07049) | [link](https://github.com/OwenSanzas/LLM-For-Software-Security) |
| One-for-All Does Not Work! Enhancing Vulnerability Detection by Mixture-of-Experts (MoE) | | 2025 | [link](https://arxiv.org/abs/2501.16454) | |
| Leveraging Semantic Relations in Code and Data to Enhance Taint Analysis of Embedded Systems | Usenix | 2024 | [link](https://www.usenix.org/system/files/usenixsecurity24-zhao.pdf) | [link](https://sites.google.com/view/lara-data) |
| Effective Vulnerable Function Identification based on CVE Description Empowered by Large Language Models | ASE | 2024 | [link](https://doi.org/10.1145/3691620.3695013) | [link](https://github.com/CGCL-codes/VFFinder) |
| SCALE: Constructing Structured Natural Language Comment Trees for Software Vulnerability Detection | ISSTA | 2024 | [link](https://doi.org/10.1145/3650212.3652124) | [link](https://github.com/Xin-Cheng-Wen/Comment4Vul) |
| LLMDFA: Analyzing Dataflow in Code with Large Language Model | NeurIPS | 2024 | [link](https://chengpeng-wang.github.io/publications/LLMDFA_NeurIPS2024.pdf) | [link](https://github.com/chengpeng-wang/LLMDFA) |
| Learning to Detect and Localize Multilingual Bugs | FSE | 2024 | [link](https://doi.org/10.1145/3660804) | |
| GPTScan: Detecting Logic Vulnerabilities in Smart Contracts by Combining GPT with Program Analysis | ICSE | 2024 | [link](https://doi.org/10.1145/3597503.3639117) | |
| Sanitizing Large Language Models in Bug Detection with Data-Flow | EMNLP | 2024 | [link](https://aclanthology.org/2024.findings-emnlp.217/) | [link](https://github.com/chengpeng-wang/LLMSAN) |
| RealVul: Can We Detect Vulnerabilities in Web Applications with LLM? | EMNLP | 2024 | [link](https://aclanthology.org/2024.emnlp-main.472) | |
| Where is it? Tracing the Vulnerability-relevant Files from Vulnerability Reports | ICSE | 2024 | [link](https://doi.org/10.1145/3597503.3639202) | [link](https://github.com/anonymous-77400046/vulnerability_file_trace) |
| Dataflow Analysis-Inspired Deep Learning for Efficient Vulnerability Detection | ICSE | 2024 | [link](https://doi.org/10.1145/3597503.3623345) | [link](https://doi.org/10.6084/m9.figshare.21225413) |
| Pre-training by Predicting Program Dependencies for Vulnerability Analysis Tasks | ICSE | 2024 | [link](https://doi.org/10.1145/3597503.3639142) | [link](https://github.com/ZJU-CTAG/PDBERT) |
| Investigating Large Language Models for Code Vulnerability Detection: An Experimental Study | | 2024 | [link](https://arxiv.org/abs/2412.18260) | [link](https://github.com/SakiRinn/LLM4CVD) |
| CleanVul: Automatic Function-Level Vulnerability Detection in Code Commits Using LLM Heuristics | | 2024 | [link](https://arxiv.org/abs/2411.17274) | [link](https://github.com/yikun-li/CleanVul) |
| An Empirical Study of Vulnerability Detection using Federated Learning | | 2024 | [link](https://arxiv.org/abs/2411.16099) | |
| LLM-SmartAudit: Advanced Smart Contract Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2410.09381) | [link](https://github.com/LLMAudit/LLMSmartAuditTool) |
| Advancing Bug Detection in Fastjson2 with Large Language Models Driven Unit Test Generation | | 2024 | [link](https://arxiv.org/abs/2410.09414) | |
| Large Language Model for Vulnerability Detection and Repair: Literature Review and the Road Ahead | | 2024 | [link](https://arxiv.org/abs/2404.02525) | |
| StagedVulBERT: Multi-Granular Vulnerability Detection with a Novel Pre-trained Code Model | | 2024 | [link](https://arxiv.org/abs/2410.05766) | [link](https://github.com/YuanJiangGit/StagedVulBERT) |
| LLM4Vuln: A Unified Evaluation Framework for Decoupling and Enhancing LLMs' Vulnerability Reasoning | | 2024 | [link](https://arxiv.org/abs/2401.16185) | |
| Enhancing Source Code Security with LLMs: Demystifying The Challenges and Generating Reliable Repairs | | 2024 | [link](https://arxiv.org/abs/2409.00571) | |
| Outside the Comfort Zone: Analysing LLM Capabilities in Software Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2408.16400) | |
| ANVIL: Anomaly-based Vulnerability Identification without Labelled Training Data | | 2024 | [link](https://arxiv.org/abs/2408.16028) | |
| Top Score on the Wrong Exam: On Benchmarking in Machine Learning for Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2408.12986) | |
| Comparison of Static Application Security Testing Tools and Large Language Models for Repo-level Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2407.16235) | |
| Vul-RAG: Enhancing LLM-based Vulnerability Detection via Knowledge-level RAG | | 2024 | [link](https://arxiv.org/abs/2406.11147) | |
| Security Vulnerability Detection with Multitask Self-Instructed Fine-Tuning of Large Language Models | | 2024 | [link](https://arxiv.org/abs/2406.05892) | |
| Generalization-Enhanced Code Vulnerability Detection via Multi-Task Instruction Fine-Tuning | ACL Findings | 2024 | [link](https://aclanthology.org/2024.findings-acl.625/) | [link](https://github.com/CGCL-codes/VulLLM) |
| M2CVD: Enhancing Vulnerability Semantic through Multi-Model Collaboration for Code Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2406.05940) | [link](https://github.com/HotFrom/M2CVD) |
| VulDetectBench: Evaluating the Deep Capability of Vulnerability Detection with Large Language Models | | 2024 | [link](https://arxiv.org/abs/2406.07595) | [link](https://github.com/Sweetaroo/VulDetectBench) |
| LLM-Assisted Static Analysis for Detecting Security Vulnerabilities | | 2024 | [link](https://arxiv.org/abs/2405.17238) | |
| Multi-role Consensus through LLMs Discussions for Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2403.14274) | [link](https://github.com/rockmao45/llmvulndetection) |
| LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks | IEEE S&P | 2024 | [link](https://www.computer.org/csdl/proceedings-article/sp/2024/313000a019/1RjE9Wb4Wze) | [link](https://github.com/ai4cloudops/secllmholmes) |
| Large Language Model for Vulnerability Detection: Emerging Results and Future Directions | ICSE | 2024 | [link](https://dl.acm.org/doi/abs/10.1145/3639476.3639762) | |
| Prompt-Enhanced Software Vulnerability Detection Using ChatGPT | ICSE | 2024 | [link](https://dl.acm.org/doi/10.1145/3639478.3643065) | |
| DLAP: A Deep Learning Augmented Large Language Model Prompting Framework for Software Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2405.01202) | |
| Harnessing Large Language Models for Software Vulnerability Detection: A Comprehensive Benchmarking Study | | 2024 | [link](https://arxiv.org/abs/2405.15614) | |
| Enhancing Static Analysis for Practical Bug Detection: An LLM-Integrated Approach | OOPSLA | 2024 | [link](https://dl.acm.org/doi/10.1145/3649828) | [link](https://github.com/seclab-ucr/LLift) |
| Source Code Vulnerability Detection: Combining Code Language Models and Code Property Graphs | | 2024 | [link](https://arxiv.org/abs/2404.14719) | [link](https://github.com/vul-lmgnn/vul-lmggnn) |
| Enhancing Code Vulnerability Detection via Vulnerability-Preserving Data Augmentation | LCTES | 2024 | [link](https://dl.acm.org/doi/10.1145/3652032.3657564) | |
| VulEval: Towards Repository-Level Evaluation of Software Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2404.15596) | |
| A Comprehensive Study of the Capabilities of Large Language Models for Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2403.17218) | |
| Chain-of-Thought Prompting of Large Language Models for Discovering and Fixing Software Vulnerabilities | | 2024 | [link](https://arxiv.org/abs/2402.17230) | |
| Finetuning Large Language Models for Vulnerability Detection | | 2024 | [link](https://arxiv.org/abs/2401.17010) | [link](https://github.com/rmusab/vul-llm-finetune) |
| How Far Have We Gone in Vulnerability Detection Using Large Language Models | | 2023 | [link](https://arxiv.org/abs/2311.12420) | [link](https://github.com/Hustcw/VulBench) |
| Transformer-based Vulnerability Detection in Code at EditTime: Zero-shot, Few-shot, or Fine-tuning? | | 2023 | [link](https://arxiv.org/abs/2306.01754) | |
| Software Vulnerability Detection using Large Language Models | IEEE | 2023 | [link](https://ieeexplore.ieee.org/abstract/document/10301302) | |
| DiverseVul: A New Vulnerable Source Code Dataset for Deep Learning Based Vulnerability Detection | RAID | 2023 | [link](https://dl.acm.org/doi/abs/10.1145/3607199.3607242) | |
| VulBERTa: Simplified Source Code Pre-Training for Vulnerability Detection | IEEE | 2022 | [link](https://ieeexplore.ieee.org/abstract/document/9892280) | |
| Deep Learning Based Vulnerability Detection: Are We There Yet? | IEEE | 2022 | [link](https://ieeexplore.ieee.org/abstract/document/9448435) | |
| Transformer-Based Language Models for Software Vulnerability Detection | ACSAC | 2022 | [link](https://dl.acm.org/doi/abs/10.1145/3564625.3567985) | |
| Software Vulnerability Detection Using Deep Neural Networks: A Survey | IEEE | 2020 | [link](https://ieeexplore.ieee.org/abstract/document/9108283) | |
| Devign: effective vulnerability identification by learning comprehensive program semantics via graph neural networks | NeurIPS | 2019 | [link](https://dl.acm.org/doi/abs/10.5555/3454287.3455202) | |
| μVulDeePecker: A Deep Learning-Based System for Multiclass Vulnerability Detection | IEEE | 2019 | [link](https://ieeexplore.ieee.org/abstract/document/8846081) | |
| VulDeePecker: A Deep Learning-Based System for Vulnerability Detection | NDSS | 2018 | [link](https://www.ndss-symposium.org/wp-content/uploads/2018/02/ndss2018_03A-2_Li_paper.pdf) | |
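A high-quality open-source AI workflow for code security and vulnerability detection.
AI Skill Hub is a third-party content aggregation platform. The information on this page is compiled from public data and provides no legal endorsement of the tool's functionality or quality.
We recommend validating it thoroughly in a sandbox or test environment before deploying it to production, and carrying out the necessary security assessment.
✅ MIT License: one of the most permissive open-source licenses. It allows free commercial use, modification and distribution, and only requires that the copyright notice be retained.
AI Skill Hub review: Vulnerability Detection LLM has complete core functionality and excellent quality. For automation engineers and operations staff, it is a choice worth adding to a personal toolkit. We recommend trying it in a non-production environment first, then rolling it out gradually.

| Field | Value |
|---|---|
| Original name | Awesome-LLMs-for-Vulnerability-Detection |
| Topics | Code security, LLM, vulnerability detection, Python |
| GitHub | https://github.com/huhusmang/Awesome-LLMs-for-Vulnerability-Detection |
| License | MIT |
| Language | Python |

Listed: 2026-06-10 · Updated: 2026-06-10 · License: MIT · AI Skill Hub provides no legal endorsement of the accuracy of third-party content.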